<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>></span> I'd ask what you want the bootstrap to be - a mini website for Non-techies or a sort of techie play space?<o:p></o:p></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Both. I did few things over the last few days: I added some new nodes that are defined as advanced. You only see them if you click the show advanced checkbox – see below, you can toggle the script, canvas and html nodes on or off, they appear below the divider. So non-techs never need to see them. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Rather than try and support a load of different html tags (I did canvas and thought, hang on, where does this end?), I added a specific tag for html, to distinguish it from text elements (second show below), mainly because bootstrap has all those components that you need to define using html, and they are useful if you know what to do with them – and you also need to write javascript to use them or respond to user input).<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>I also added the ability to define styles on the project (root) icon, via an optional property, and as well, you can upload a stylesheet if you’d rather. You already know I added the ability to load third party libraries, and there is a script tag for writing javascript (third show below). <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>You can see this piece at <a href="http://www.nottingham.ac.uk/toolkits/play_8222">http://www.nottingham.ac.uk/toolkits/play_8222</a>). So all in all, it’s very powerful.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><img border=0 width=818 height=730 id="Picture_x0020_1" src="cid:image001.png@01CE56DB.1C445570"><span style='color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><img border=0 width=818 height=730 id="Picture_x0020_2" src="cid:image002.png@01CE56DB.1C445570"><span style='color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><img border=0 width=818 height=730 id="Picture_x0020_3" src="cid:image003.png@01CE56DB.7B60EFA0"><span style='color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> xerte-dev-bounces@lists.nottingham.ac.uk [mailto:xerte-dev-bounces@lists.nottingham.ac.uk] <b>On Behalf Of </b>Pat @ Pgogy <br><b>Sent:</b> 22 May 2013 09:59<br><b>To:</b> For Xerte technical developers<br><b>Subject:</b> [Xerte-dev] Re: Upload and security<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>JavaScript is in the banned list I think<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I'd ask what you want the bootstrap to be - a mini website for Non-techies or a sort of techie play space?<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><br>On 21 May 2013, at 10:00, Julian Tenney <<a href="mailto:Julian.Tenney@nottingham.ac.uk">Julian.Tenney@nottingham.ac.uk</a>> wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>Just reprising a recent conversation about uploading javascript. You guys weren’t keen. I just uploaded a txt file with javascript in it, loaded via a script tag in the bootstrap template and it – of course – executes, but we knew that anyway.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Is it the case that only authorised users – those logged in – can get anything through upload.php? Should authorised users be able to upload javascript?<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Second and slightly related question, playing around with the bootstrap template wizard: I got it adding canvas, and thought about other userful building blocks for developers. You could define them in a text icon <canvas width=”500” height=”350”/> and then script them from a script icon, so are we gaining anything at the expense of confusing users who don’t know what scripts and canvases do? I just though ‘well, where does it end? Divs, styles, etc’ and we can do it all with text anyway. But in looking at some of this stuff, it would really be handy to be able to upload scripts, because writing anything more than trivial in the wizard is going to be gribbly.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>What do you think?<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal><image001.png><o:p></o:p></p></div></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>_______________________________________________<br>Xerte-dev mailing list<br><a href="mailto:Xerte-dev@lists.nottingham.ac.uk">Xerte-dev@lists.nottingham.ac.uk</a><br><a href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</a><o:p></o:p></span></p></div></blockquote></div></body></html>